ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pradeep Agrawal <pradeepagrawal8...@gmail.com>
Subject Re: Review Request 68185: RANGER-2168: Add service admin user through service config
Date Fri, 03 Aug 2018 11:12:48 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68185/
-----------------------------------------------------------

(Updated Aug. 3, 2018, 11:12 a.m.)


Review request for ranger, Ankita Sinha, deepak sharma, Gautam Borad, Abhay Kulkarni, Madhan
Neethiraj, Mehul Parikh, suja s, and Velmurugan Periasamy.


Changes
-------

updated descriptions.


Bugs: RANGER-2168
    https://issues.apache.org/jira/browse/RANGER-2168


Repository: ranger


Description (updated)
-------

Patch committed from RR https://reviews.apache.org/r/68096 is having one issue.
When keyadmin user is added as service admin user in kms service then he can't view the kms
policy.
Issue was not there in First patch of RR 68096 but got introduced in second patch.


**Note:** 
1) If there are too many policies then please update following options value in ranger-admin-services.sh
:
-XX:MaxPermSize
-Xmx
-Xms


Diffs
-----

  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java c116ea289 


Diff: https://reviews.apache.org/r/68185/diff/1/


Testing (updated)
-------

Tested following use cases:

USER ROLE | IS Service Admin User

USER | TRUE
USER | FALSE
ADMIN | TRUE
ADMIN | FALSE
KEYADMIN | TRUE
KEYADMIN | FALSE


Service Admin User ROLE | Service Type

USER | NON KMS
USER | KMS
ADMIN | NON KMS
ADMIN | KMS
KEYADMIN | NON KMS
KEYADMIN | KMS

**Observations:**
1) If Admin role user is a Service Admin user in KMS Service then he can't do any operations
in the policies of that service.
2) If Keyadmin role user is a Service Admin user in a NON KMS Service then he can't do any
operations in the policies of that service.
3) If User role user is a Service Admin user in KMS Service then he can't view the KMS service
dashboard.


Thanks,

Pradeep Agrawal


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message